Password checking and loading/removing from storage has been
decoupled. A new auth_check_pass function is used to check passwords.
It does check against the configured storage first, but will handle
the authentication backends as well. The XML storage merely signals
that a user's password should be checked using an authentication
backend.

If unknown-to-bitlbee users identify using an authentication backend,
they are automatically registered.

If an authentication backend is used, that fact is stored in the XML
file, the password is not. Passwords are also stored unencrypted in
this case, as the password used to encrypt them can change underneath
us.